diff --git a/dns/dnsdist/Makefile b/dns/dnsdist/Makefile index 2ec3cb1fa635..a313d42a06cf 100644 --- a/dns/dnsdist/Makefile +++ b/dns/dnsdist/Makefile @@ -1,98 +1,97 @@ # Created by: Carlos J Puga Medina PORTNAME= dnsdist -DISTVERSION= 1.7.0 +DISTVERSION= 1.7.1 CATEGORIES= dns net MASTER_SITES= https://downloads.powerdns.com/releases/ MAINTAINER= tremere@cainites.net COMMENT= Highly DNS-, DoS- and abuse-aware loadbalancer LICENSE= GPLv2 ISCL MIT LICENSE_COMB= multi LICENSE_FILE_GPLv2= ${WRKSRC}/COPYING LICENSE_FILE_ISCL= ${WRKSRC}/ext/ipcrypt/LICENSE LICENSE_FILE_MIT= ${WRKSRC}/ext/yahttp/LICENSE NOT_FOR_ARCHS= i386 NOT_FOR_ARCHS_REASON= archs with 32-bits time_t are no longer supported by upstream BUILD_DEPENDS= ${LOCALBASE}/lib/libatomic_ops.a:devel/libatomic_ops LIB_DEPENDS= libboost_serialization.so:devel/boost-libs \ libh2o-evloop.so:www/h2o \ libre2.so:devel/re2 \ libsodium.so:security/libsodium USES= bison:alias compiler:c++14-lang cpe gmake libedit libtool \ localbase pkgconfig tar:bz2 -USE_RC_SUBR= dnsdist - CPE_VENDOR= powerdns +USE_RC_SUBR= dnsdist GNU_CONFIGURE= yes CONFIGURE_ARGS= --bindir=${PREFIX}/sbin \ --enable-dns-over-https \ --enable-dns-over-tls \ --enable-dnscrypt \ --sysconfdir=${ETCDIR} \ --with-libsodium \ --with-re2 INSTALL_TARGET= install-strip USERS= _dnsdist GROUPS= _dnsdist OPTIONS_DEFINE= DNSTAP SNMP OPTIONS_DEFAULT= CDB GNUTLS LMDB LUA OPENSSL OPTIONS_GROUP= KSVOPT OPTIONS_GROUP_KSVOPT= CDB LMDB OPTIONS_MULTI= TLS OPTIONS_MULTI_TLS= GNUTLS OPENSSL OPTIONS_SINGLE= EXTLUA OPTIONS_SINGLE_EXTLUA= LUA LUAJIT LUAJITOR CDB_DESC= CDB backend DNSTAP_DESC= dnstap support (see dnstap.info) KSVOPT_DESC= Key Value Stores LMDB_DESC= LMDB backend LUAJITOR_DESC= Use lang/luajit-openresty LUAJIT_DESC= Use lang/luajit LUA_DESC= Use lang/lua CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb CDB_CONFIGURE_ON= CDB_CFLAGS="-I${LOCALBASE}/include" \ CDB_LIBS="-L${LOCALBASE}/lib -lcdb" DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm DNSTAP_CONFIGURE_ENABLE= dnstap GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls GNUTLS_CONFIGURE_WITH= gnutls LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb LMDB_CONFIGURE_ON= --with-lmdb=${LOCALBASE} LMDB_CONFIGURE_OFF= --without-lmdb LUAJITOR_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty LUAJITOR_CONFIGURE_ON= --with-lua=luajit LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUAJIT_CONFIGURE_ON= --with-lua=luajit LUA_USES= lua LUA_CONFIGURE_ON= --with-lua=lua-${LUA_VER} OPENSSL_USES= ssl OPENSSL_CONFIGURE_ON= LIBSSL_CFLAGS=-I${OPENSSLINC} \ LIBSSL_LIBS="-L${OPENSSLLIB} -lssl" OPENSSL_CONFIGURE_WITH= libssl SNMP_LIB_DEPENDS= libnetsnmp.so:net-mgmt/net-snmp SNMP_CONFIGURE_WITH= net-snmp post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/dnsdist.conf.sample ${STAGEDIR}${ETCDIR} .include diff --git a/dns/dnsdist/distinfo b/dns/dnsdist/distinfo index bff8ffa2fd60..e3ec6ae86bc9 100644 --- a/dns/dnsdist/distinfo +++ b/dns/dnsdist/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1642434869 -SHA256 (dnsdist-1.7.0.tar.bz2) = 78cc72cb0ccf7fb5f3f2fae09c79eda65a5256374da09bb541b735ea6868fc64 -SIZE (dnsdist-1.7.0.tar.bz2) = 1392585 +TIMESTAMP = 1651452973 +SHA256 (dnsdist-1.7.1.tar.bz2) = 273a8212be2ddfaf754f752bcda4c2abc671ca5d42f776263312eb4661ea2d66 +SIZE (dnsdist-1.7.1.tar.bz2) = 1392179 diff --git a/dns/dnsdist/files/patch-credentials.cc b/dns/dnsdist/files/patch-credentials.cc new file mode 100644 index 000000000000..4d71e65ad7aa --- /dev/null +++ b/dns/dnsdist/files/patch-credentials.cc @@ -0,0 +1,101 @@ +--- credentials.cc.orig 2021-11-23 18:39:17 UTC ++++ credentials.cc +@@ -28,7 +28,7 @@ + #include + #endif + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + #include + #include + #include +@@ -42,7 +42,7 @@ + #include "credentials.hh" + #include "misc.hh" + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + static size_t const pwhash_max_size = 128U; /* maximum size of the output */ + static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ + static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ +@@ -95,7 +95,7 @@ void SensitiveData::clear() + + static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); + if (!pctx) { + throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); +@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str + + static std::string generateRandomSalt() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + /* generate a random salt */ + std::string salt; + salt.resize(pwhash_salt_size); +@@ -159,7 +159,7 @@ static std::string generateRandomSalt() + + std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string result; + result.reserve(pwhash_max_size); + +@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, + + std::string hashPassword(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); + #else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) + + bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); + return constantTimeStringEquals(expected, binaryHash); + #else +@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con + /* parse a hashed password in PHC string format */ + static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto parametersEnd = hash.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format, no parameters"); +@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std + return false; + } + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string salt; + std::string hashedPassword; + uint64_t workFactor = 0; +@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std + + bool isPasswordHashed(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { + return false; + } +@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas + + bool CredentialsHolder::isHashingAvailable() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return true; + #else + return false;